def patch_flightplan_preprocessor(instance_id=None, data=None, **kwargs):
    """Allow a flight-plan edit only for the plan's owner.

    The caller is resolved through ``token_check()`` and the plan is loaded
    by ``instance_id``.

    Raises:
        ApiError: 404 when no flight plan has that id, 403 when the plan's
            ``owner_id`` differs from the authenticated user's id.
    """
    # NOTE(review): ``data`` (the submitted changes) is not inspected here, so
    # this check does not limit which fields are written. Confirm that
    # owner_id is protected elsewhere.
    current_user = token_check()
    plan_query = db.session.query(models.FlightPlan)
    flight_plan = plan_query.filter_by(id=instance_id).first()

    if not flight_plan:
        raise ApiError(f"No flightplan found with id {instance_id}",
                       status_code=404)

    if flight_plan.owner_id != current_user.id:
        raise ApiError(
            "You can only edit flight plans you have permission to edit",
            status_code=403)
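def newuser(session):
    """Register a new user from the JSON body of the current request.

    Expects a JSON object with ``callsign``, ``email`` and ``password``.

    Args:
        session: Database session used for the duplicate check and the insert.

    Returns:
        A ``(response, 201)`` tuple whose JSON body echoes the new user's
        callsign and e-mail. The password is never returned.

    Raises:
        ApiError: 400 when the body is not a JSON object, when a field is
            missing, empty or not a string, or when the e-mail is already
            registered.
    """
    payload = request.json
    # A missing body or a JSON array/scalar has no .get(); answer 400 instead
    # of failing with an unhandled AttributeError.
    if not isinstance(payload, dict):
        raise ApiError("A problem occured with your request", status_code=400)

    callsign = payload.get('callsign')
    email = payload.get('email')
    password = payload.get('password')

    # Reject empty values as well as missing ones, so that an account cannot
    # be created with a blank password.
    for value in (callsign, email, password):
        if not isinstance(value, str) or not value:
            raise ApiError("A problem occured with your request",
                           status_code=400)

    # NOTE(review): this check-then-insert is not atomic. Two concurrent
    # requests for the same e-mail can both pass it, so keep a UNIQUE
    # constraint on the column as the real guarantee.
    if session.query(models.User).filter_by(email=email).first() is not None:
        raise ApiError("A user with that e-mail already exists",
                       status_code=400)

    # NOTE(review): the plaintext password is handed to the model.
    # Presumably models.User hashes it (login uses check_password); confirm.
    user = models.User(callsign=callsign, email=email, password=password)
    session.add(user)
    session.commit()
    return jsonify({'callsign': user.callsign, 'email': user.email}), 201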
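def post_coordinate_preprocessor(data=None, **kwargs):
    """Allow creating a coordinate only under a flight plan the caller owns.

    ``data['fp_steerpoint_id']`` is used as the id of the flight plan, and
    that plan's ``owner_id`` must match the user returned by
    ``token_check()``.

    Raises:
        ApiError: 400 when ``fp_steerpoint_id`` is missing or empty, 404 when
            no flight plan has that id, 403 when the plan belongs to another
            user.
    """
    user = token_check()

    # A missing key or a non-dict body previously raised KeyError/TypeError
    # and produced a 500; treat both as the documented 400.
    fp_id = data.get('fp_steerpoint_id') if isinstance(data, dict) else None
    if not fp_id:
        raise ApiError(
            "You cannot create a coordinate without a fp_steerpoint_id",
            status_code=400)

    flight_plan = db.session.query(
        models.FlightPlan).filter_by(id=fp_id).first()
    # An unknown id returns None; without this guard the ownership check
    # below would fail with AttributeError instead of a clean error.
    if flight_plan is None:
        raise ApiError(f"No flightplan found with id {fp_id}",
                       status_code=404)

    # NOTE(review): only fp_steerpoint_id is checked. Any other reference
    # fields carried in ``data`` are not validated by this function.
    if user.id != flight_plan.owner_id:
        raise ApiError(
            "You cannot create coordinates that belong to a flightplan you don't have permission to edit",
            status_code=403)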
def inner(*args, **kwargs):
    """Authenticate by JSON credentials or an Authorization token, then call ``func``.

    ``func`` is the wrapped callable from the enclosing scope, which is not
    visible in this excerpt. On success the resolved user is stored on
    ``g.user``.

    Raises:
        ApiError: 401 when the credentials are wrong, when the token is
            invalid or expired, or when neither was supplied.
    """
    token = request.headers.get('Authorization')
    payload = request.json
    user = None

    has_credentials = (
        isinstance(payload, dict)
        and payload.get('username')
        and payload.get('password')
    )
    if has_credentials:
        # 'username' is matched against the e-mail column.
        user = db.session.query(models.User).filter_by(
            email=payload.get('username')).first()
        # An unknown account and a wrong password get the same message, so
        # the response does not reveal which accounts exist.
        if not (user and user.check_password(payload.get('password'))):
            raise ApiError("Login information incorrect", status_code=401)

    # When a token is present it takes precedence: the user it resolves to
    # replaces any user found via password, and a bad token is rejected even
    # if the password was correct.
    if token:
        user = models.User.verify_auth_token(token)
        if not user:
            raise ApiError("Token invalid or expired", status_code=401)

    if not user:
        raise ApiError(
            "You need to supply login credentials or a token to make this request",
            status_code=401)

    g.user = user
    return func(*args, **kwargs)
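def inner(*args, **kwargs):
    """Require an authenticated user before calling ``func``.

    ``func`` is the wrapped callable from the enclosing scope, which is not
    visible in this excerpt. When an ``Authorization`` header is present it
    is verified and the result (a user, or a falsy value for a bad token) is
    stored on ``g.user``.

    Raises:
        ApiError: 401 when no authenticated user is available.
    """
    auth_token = request.headers.get('Authorization')
    if auth_token is not None:
        g.user = models.User.verify_auth_token(auth_token)

    # Without the header nothing assigns g.user here, and reading an unset
    # attribute on flask.g raises AttributeError (a 500, not a 401).
    # getattr fails closed while still honouring a user that an earlier step
    # of the same request stored on g.
    if getattr(g, 'user', None):
        return func(*args, **kwargs)

    raise ApiError("You need to authenticate to make this request",
                   status_code=401)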
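def delete_coordinate_preprocessor(session, instance_id=None, **kwargs):
    """Block deleting a coordinate whose flight plan belongs to someone else.

    Args:
        session: Database session used to load the coordinate.
        instance_id: Id of the coordinate being deleted.

    Raises:
        ApiError: 404 when no coordinate has that id, 403 when the
            coordinate's ``steerpoint_flightplan`` is owned by another user.
    """
    user = token_check()
    coord_object = session.query(
        models.Coordinate).filter_by(id=instance_id).first()

    # An unknown id returns None; previously the attribute access below
    # raised AttributeError and produced a 500.
    if coord_object is None:
        raise ApiError(f"No coordinate found with id {instance_id}",
                       status_code=404)

    flight_plan = coord_object.steerpoint_flightplan
    if flight_plan and flight_plan.owner_id != user.id:
        raise ApiError(
            "You cannot delete coordinates that belong to a flightplan you don't have permission to edit",
            status_code=403)

    # NOTE(review): a coordinate with no steerpoint_flightplan passes without
    # any ownership check, so any authenticated user may delete it. Confirm
    # that such rows are owned through another relation checked elsewhere,
    # or deny here.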
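def list_flightplan_preprocessor(search_params=None, **kwargs):
    """Restrict flight-plan listings to the caller's own plans.

    The request is accepted only when the first entry of
    ``search_params['filters']`` is exactly
    ``{'name': 'owner_id', 'op': 'eq', 'val': str(user.id)}`` and the
    filters are combined with AND.

    Raises:
        ApiError: 403 when the filters are missing, empty or malformed, when
            the first filter is not the caller's owner filter, or when the
            filters are combined with OR.
    """
    user = token_check()

    # search_params defaults to None and 'filters' may be an empty list;
    # both previously raised TypeError/IndexError instead of the 403.
    params = search_params if isinstance(search_params, dict) else {}
    filters = params.get('filters')
    owner_filter = {'name': 'owner_id', 'op': 'eq', 'val': str(user.id)}

    owner_scoped = (
        isinstance(filters, list)
        and len(filters) > 0
        and filters[0] == owner_filter
        # The owner filter restricts the result only while all filters are
        # ANDed. The Flask-Restless search format can switch them to OR via
        # 'disjunction', which would widen the result beyond the caller's
        # rows, so refuse it (confirm against the installed version).
        and not params.get('disjunction')
    )
    if not owner_scoped:
        raise ApiError(
            "You can only list your own flight plans, "
            "view https://flask-restless.readthedocs.io/en/stable/searchformat.html#quick-examples "
            "for examples",
            status_code=403)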
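def patch_user_preprocessor(instance_id=None, data=None, **kwargs):
    """Allow a user record to be edited only by that same user.

    Raises:
        ApiError: 404 when ``instance_id`` is missing or is not the id of the
            user returned by ``token_check()``.
    """
    user = token_check()

    # Compare string forms. An id taken from the URL may arrive as text, and
    # an int/str comparison is always unequal, which would reject even the
    # rightful owner. Normalising can only match identical ids, so it never
    # admits a different user.
    if instance_id is None or str(user.id) != str(instance_id):
        raise ApiError("You can only edit your own user", status_code=404)

    # NOTE(review): ``data`` is not inspected here, so this check does not
    # limit which columns the caller may change on their own record. Confirm
    # that privileged fields are excluded elsewhere.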